diff --git a/api/login.go b/api/login.go index 5b3b6a5a..839b0121 100644 --- a/api/login.go +++ b/api/login.go @@ -429,6 +429,8 @@ type oidcClaimResult struct { func parseClaim(str string, claims map[string]interface{}) (string, bool) { for _, s := range strings.Split(str, "|") { + s = strings.TrimSpace(s) + if strings.Contains(s, "{{") { tpl, err := template.New("").Parse(s) @@ -442,11 +444,13 @@ func parseClaim(str string, claims map[string]interface{}) (string, bool) { return "", false } - return email.String(), true + res := email.String() + + return res, res != "" } res, ok := claims[s].(string) - if ok { + if res != "" && ok { return res, ok } } @@ -465,12 +469,12 @@ func parseClaims(claims map[string]interface{}, provider util.OidcProvider) (res } res.username, ok = parseClaim(provider.UsernameClaim, claims) - if !ok || res.username == "" { + if !ok { res.username = getRandomUsername() } res.name, ok = parseClaim(provider.NameClaim, claims) - if !ok || res.name == "" { + if !ok { res.name = getRandomProfileName() } diff --git a/api/login_test.go b/api/login_test.go new file mode 100644 index 00000000..ba501e47 --- /dev/null +++ b/api/login_test.go @@ -0,0 +1,55 @@ +package api + +import ( + "testing" +) + +func TestParseClaim(t *testing.T) { + claims := map[string]interface{}{ + "username": "fiftin", + "email": "", + "id": 1234567, + } + + res, ok := parseClaim("email | {{ .id }}@test.com", claims) + + if !ok { + t.Fail() + } + + if res != "1234567@test.com" { + t.Fatalf("%s must be %d@test.com", res, claims["id"]) + } +} + +func TestParseClaim2(t *testing.T) { + claims := map[string]interface{}{ + "username": "fiftin", + "email": "", + "id": 1234567, + } + + res, ok := parseClaim("username", claims) + + if !ok { + t.Fail() + } + + if res != claims["username"] { + t.Fail() + } +} + +func TestParseClaim3(t *testing.T) { + claims := map[string]interface{}{ + "username": "fiftin", + "email": "", + "id": 1234567, + } + + _, ok := parseClaim("email", claims) + + if ok { + t.Fail() + } +}